WatchGuard Essentials最新問題集[2023]高得点を掴み取れ
Essentials問題集JPNTest100%合格率保証
WatchGuard Essentials 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
質問 18
Match each WatchGuard Subscription Service with its function.
Uses rules, pattern matching, and sender reputation to block unwanted email messages. (Choose one).
- A. Reputation Enable Defense RED
- B. Spam Blocker
- C. Intrusion Prevention Server IPS
- D. APTBlocker
- E. Gateway / Antivirus
正解: B
解説:
SpamBlocker provides a spam scanning engine that works in concert with WatchGuard's cloud-based technology to prevent spam from gaining access to the email servers (and clients).
Reference:http://www.tomsitpro.com/articles/network-security-solutions-guide, 2-866-6.html
質問 19
Which tool is used to see a treemap visualization of the traffic through your Firebox? (Select one)
- A. Traffic Monitor
- B. Firebox System Manager - Subscription services
- C. FireWatch
- D. Log Server
- E. FireBox System Manager - Blocked Sites list
- F. Firebox System Manager - Authentication list
正解: C
解説:
Explanation/Reference:
The FireWatch page is separated into tabs of data that is presented in a Treemap Visualization. The treemap is a widget that proportionally sizes blocks in the display to represent the data for that tab. The largest blocks on the tab represent the largest data users. The data is sorted by the tab you select and the type you select from the drop-down list at the top right of the page.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181
質問 20
A local branch office VPN tunnel route is configured as shown in this image.
On the remote peer device, what must be configured as the remote network address for this tunnel route? (Select one.)
- A. 10.0.10.0/24
- B. 10.0.20.0/24
- C. 10.0.1.0/24
正解: A
質問 21
What settings must you device configuration file include for Gateway AntiVirus to protect users on your network? (Select two.)
- A. Configure a policy to use a proxy action that has AntiVirus settings configured.
- B. Install the Gateway AntiVirus server on your network.
- C. Decrease the scan limits
- D. Configure Gateway AntiVirus settings for a proxy action.
- E. Disable automatic signature updates.
正解: A,D
質問 22
What is the best method to downgrade the version of Fireware OS on your Firebox without losing all device configuration settings? (Select one.)
- A. Use the downgrade feature on Policy Manager to select a previous of Fireware OS.
- B. Restore a saved backup image that was created for the device before the last Fireware OS upgrade.
- C. Change the OS compatibility setting in Policy Manager to downgrade the device. Then use Policy Manager to save the configuration to the device.
- D. Use the Upgrade OS feature in Fireware Web UI to install the sysa_dl file for an order version of Fireware OS.
正解: B
質問 23
If you disable the Outgoing policy, which policies must you add to allow trusted users to connect to commonly used websites? (Select three.)
- A. HTTP port 80
- B. FTP port 21
- C. NAT policy
- D. HTTPS port 443
- E. DNS port 53
正解: A,D,E
解説:
Explanation/Reference:
TCP-UDP packet filter
If you decide to remove the Outgoing policy, you must add a policy for any type of traffic you want to allow through the Firebox. If you remove the Outgoing policy and then decide you want to allow all TCP and UDP connections through the Firebox again, you must add the TCP-UDP packet filter to provide the same function.
This is because the Outgoing policy does not appear in the list of standard policies available from Policy Manager.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 97
質問 24
While troubleshooting a branch office VPN tunnel, you see this log message:
2014-07-23 12:29:15 iked (203.0.113.10<->203.0.113.20) Peer proposes phase one encryption 3DES, expecting AES
What settings could you modify in the local device configuration to resolve this issue? (Select one.)
- A. BOVPN-Allow policies
- B. BOVPN Tunnel Route settings
- C. BOVPN Gateway settings
- D. BOVPN Tunnel settings
正解: C
解説:
The WatchGuard BOVPN settings error in this example states phase one encryption. Only the BOVPN Gateway settings can specify phase one settings. BOVPN Tunnel settings specify phase 2 settings.
質問 25
In a Mobile VPN configuration, why would you choose default route VPN over split tunnel VPN? (Select one.)
- A. Default route VPN automatically allows dynamic NAT
- B. Default route VPN uses less bandwidth
- C. Default route VPN uses less processing power
- D. Default route VPN allows your Firebox to examine all remote user traffic
正解: A
質問 26
How is a proxy policy different from a packet filter policy? (Select two.)
- A. Only a proxy policy can prevent specific threats without blocking the entire connection.
- B. Only a proxy policy examines information in the IP header.
- C. Only a proxy works ta the application, network, and transport layers to examine all connection data.
- D. Only a proxy policy uses the IP source, destination, and port to control network traffic.
正解: C,D
質問 27
Which items are included in a Firebox backup image? (Select four.)
- A. Feature keys
- B. Fireware OS
- C. Log file
- D. Support snapshot
- E. Certificates
- F. Configuration file
正解: A,B,E,F
解説:
A Firebox backup imageis a saved copy of the working image from the Firebox flash disk. The backup image includes the Firebox appliance software, configuration file, licenses, and certificates.
When you purchase an option for your Firebox, you add a new feature key to your configuration file.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 14, 57
質問 28
You have a privately addressed email server behind your Firebox. If you want to make sure that all traffic from this server to the Internet appears to come from the public IP address 203.0.113.25, regardless of policies, which from of NAT would you use? (Select one.)
- A. In the SMTP policy that handles traffic from the email server, select the option to apply dynamic NAT to all traffic in the policy and set the source IP address 203.0.113.25.
- B. Create a static NAT action for traffic to the email server, and set the source IP address to 203.0.113.25.
- C. Create a global dynamic NAT rule for traffic from the email server and set the source IP address to
203.0.113.25.
正解: C
質問 29
How can you prevent connections to the Fireware Web UI from computers on optional interface Eth2? (Select one.)
- A. Remove Any-Optional from the To list of the WatchGuard policy
- B. Remove Eth2 from the Any-Optional alias.
- C. Remove Any-Optional from the To list of the WatchGuard Web UI policy.
- D. Remove Any-Optional from the From list of the WatchGuard Web UI policy
- E. Remove Any-Optional from the From list of the WatchGuard policy.
正解: C
質問 30
You need to create an HTTP-proxy policy to a specific domain for software updates (example.com). The update site has multiple subdomains and dynamic IP addresses on a content delivery network. Which of these options is the best way to define the destination in your HTTP-proxy policy? (Select one.)
- A. Add IP addresses that correspond to each software update server in the domain.
- B. Create an alias for all subdomains and known IP addresses for example.com.
- C. Configure an FQDN for *.example.com.
- D. Configure a host name for update.example.com.
正解: C
質問 31
How can you prevent connections to the Fireware Web UI from computers on optional interface Eth2?
(Select one.)
- A. Remove Any-Optional from the To list of the WatchGuard policy
- B. Remove Eth2 from the Any-Optional alias.
- C. Remove Any-Optional from the From list of the WatchGuard Web UI policy
- D. Remove Any-Optional from the From list of the WatchGuard policy.
- E. Remove Any-Optional from the To list of the WatchGuard Web UI policy.
正解: C
質問 32
Match each WatchGuard Subscription Service with its function.
Cloud based service that controls access to website based on a site's previous behavior. (Choose one).
- A. Data Loss Prevention DLP
- B. WebBlocker
- C. Quarantine Server
- D. Application Control
- E. Intrusion Prevention Server IPS
- F. Reputation Enable Defense RED
正解: F
解説:
Explanation/Reference:
Reputation Enable Device (RED) is a cloud-based reputation service that controls user's ability to get main access to web malicious sites. Works in concert with the WebBlocker module.
Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide, 2-866-6.html
質問 33
Match the monitoring tool to the correct task.
Which tool can ping the source of a denied packet? (Select one)
- A. Traffic Monitor
- B. Firebox System Manager - Subscription services
- C. Log Server
- D. FireBox System Manager - Blocked Sites list
- E. FireWatch
- F. Firebox System Manager - Authentication list
正解: A
解説:
Explanation/Reference:
For a quick look at the log messages generated by the Firebox, use Traffic Monitor. With Traffic Monitor, you can apply color to different types of messages, and ping or traceroute to the IP addresses of computers included in the log messages.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181
質問 34
With the policies configured as shown in this image, HTTP traffic can be sent and received through branch office VPN tunnel.1 and tunnel.2.
- A. False
- B. True
正解: A
質問 35
Which WatchGuard tools can you use to review the log messages generated by your Firebox? (Select three).
- A. Dimension > Log manager
- B. Fireware XTM Web UI > Traffic Monitor
- C. Firebox SystemManager > Traffic Monitor
- D. Firebox System Manager > Status Report
- E. WatchGuard System Manager > Policy Manager
正解: A,B,C
解説:
A: You can use Firebox System Manager (FSM) to see log messages from your XTM device as they occur.
Reference:http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/fsm/log_msgs_traffic_mon_wsm.html
D: You can use Firebox System Manager to see log messages in real-time on the Traffic Monitor tab. You can also examine log messages with Log Manager or WatchGuard Dimension.
B: After you connect to WatchGuard WebCenter, you can review the log messages sent from your XTM devices to your WatchGuard Log Server. Log Manager enables you to see log messages from your device for any period of time you specify, if log messages were generated in the selected time frame. To see log messages for an XTM device as they are generated, in real-time, you can use Firebox System Manager Traffic Monitor.
Reference:http://www.watchguard.com/help/docs/wsm/XTM_11/en-US/index.html#en-US/logging/log_mgr_view_device_wsm.html
Incorrect:
Not C: The Status Report tab shows statistics about Firebox orXTM device traffic and performance. It does not display log messages.
To see the Status Report:
Start Firebox System Manager.
Select the Status Report tab.
Screen shot of the Firebox System Manager Status Report
質問 36
Match the monitoring tool to the correct task.
Which tool can view a list of users connected to the Firebox? (Select one)
- A. Traffic Monitor
- B. Firebox System Manager - Subscription services
- C. Log Server
- D. FireBox System Manager - Blocked Sites list
- E. FireWatch
- F. Firebox System Manager - Authentication list
正解: F
解説:
You can viewa list of users connected to the Firebox through HostWatch, and you can also use Authentication List, which identifiesthe IP addresses and user names of all the users that are authenticated to the Firebox.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181
質問 37
After you enable spamBlocker, your users experience no reduction in the amount of spam they receive. What could explain this? (Select three.)
- A. The spamBlocker action for Confirmed Spam is set to Allow.
- B. A spamBlocker exception is configured to allow traffic from sender *.
- C. Connections cannot be resolved to the spamBlocker servers because DNS is not configured on the Firebox.
- D. The Maximum File Size to Scan option is set too high.
- E. spamBlocker Virus Outbreak Detection is not enabled.
正解: A,B,C
質問 38
While troubleshooting a branch office VPN tunnel, you see this log message:
2014-07-23 12:29:15 iked (203.0.113.10<->203.0.113.20) Peer proposes phase one encryption 3DES, expecting AES What settings could you modify in the local device configuration to resolve this issue? (Select one.)
- A. BOVPN-Allow policies
- B. BOVPN Tunnel Route settings
- C. BOVPN Gateway settings
- D. BOVPN Tunnel settings
正解: C
解説:
The WatchGuard BOVPN settings error in this example states phase one encryption. Only the BOVPN Gateway settings can specify phase one settings. BOVPN Tunnel settings specify phase 2 settings.
質問 39
An email newsletter about sales from an external company is sometimes blocked by spamBlocker. What option could you choose to make sure the newsletter is delivered to your users? (Select one.)
- A. Add a spamBlocker subject tag for bulk email messages.
- B. Set the spamBlocker action to quarantine the email for later retrieval.
- C. Add a spamBlocker exception based on the From field of the newsletter email.
- D. Set the spamBlocker virus outbreak detection action to allow emails from the newsletter source.
正解: A
質問 40
If your Firebox has a single public IP address, and you want to forward inbound traffic to internal hosts based on the destination port, which type of NAT should you use? (Select one.)
- A. Dynamic NAT
- B. Static NAT
- C. 1-to-1 NAT
正解: B
解説:
https://www.watchguard.com/training/fireware/10/fireware10_basics.pdf
See page 76: Static NAT allows inbound connections on specific ports to one or more public servers from a single external IP address. The Firebox changes the destination IP address of the packets and forwards them based on the original destination port number.
質問 41
......
100%合格率リアルEssentials試験成功を掴み取れ:https://www.jpntest.com/shiken/Essentials-mondaishu